Symantec Developer Group

 View Only

  • 1.  Archive Encryption and Digital Signature

    Posted Aug 30, 2012 02:10 PM

    Hello,

    Couple questions about event archives in SSIM 4.7.4

     

    1) Are event archives encrypted? What about in FIPS mode, does it do anything to encrypt the events in the archive?

    2) Events in SSIM are broken up in 2 hr chunks or when they hit a size limit. Each chunk is compresed and digitally signed. The question is when the signing occurs.

      2a) Does it happen each time an event is added?

      2b) Or Does it happen once the chunk is "closed"? Or on some regular interval?

    3) Is each event in SSIM digitally signed? Or is it on a per chunk basis, or per archive basis?

     

    Thanks in advance



  • 2.  RE: Archive Encryption and Digital Signature
    Best Answer

    Posted Aug 31, 2012 04:01 AM

    Good questions :)

     

    1) Event are not encrypted but digital signed

    2) When the event file is still opened to add more, it is not signed. the signature occurs when the event service close the file.

    3) It is signed per file on disk as this is a flat file structure.



  • 3.  RE: Archive Encryption and Digital Signature

    Posted Sep 10, 2012 07:14 PM

    Perfect thanks! The data is un-readable in each archive file though right? So, even though it's not encrypted, it's stored in a non-readable format?